HackMii

Notes from inside your Wii

HackMii header image 2

25c3 presentation

January 13th, 2009 by bushing · 30 Comments

Most of our faithful readers probably already saw this, but for those who missed it, Marcan and I presented on behalf of Team Twiizers at the 25th annual Chaos Communication Conference in Berlin. Slides are available, and you can watch the video.

The content of it will be familiar to most readers here. With most of the team there at the conference, we had made it our goal to get BootMii displaying something on the screen for the demo; the challenge here is that the Starlet can’t directly write to the video registers, so we have to inject PPC code to the Broadway over the EXI bus, and then have THAT actually draw to the screen. We didn’t quite manage to finish it before the presentation started, but the rest of the crew got it working while we presented, and we eventually got something up on the screen at the end of the demo.

It’s a shame, because that modest demo (a simple console on the screen) doesn’t reflect the enormous amount of effort required to get to that point. At this point, we have a fairly solid BootMii core, but it doesn’t do anything useful. We need to write an installer to be proud of (with error checking and stuff), as well as some low-level applications that use it (backup / restore, etc), and need to implement IPC so we can actually present a nice UI.

We’re working on it. :)

Tags: Wii

30 responses so far ↓

  • 1 roboprez // Jan 13, 2009 at 7:27 pm

    So it seems that BootMii is coming along quite nicely, well done!

  • 2 gamezr2ez // Jan 13, 2009 at 9:30 pm

    that sounds great!

    does anyone think that it would be possible (anythings possible, but is it likely?) to make a custom operating system with bootmii at its core?
    possibly an adapter distro of linux that can install completely on the NAND and not have any Nintendo software left on the chip?

  • 3 HenshinMijin // Jan 13, 2009 at 11:37 pm

    YES YES!!!
    That’s all I wanted was for you guys just to mention BootMii in a recent article. Just so you could keep the hope alive. Really you guys rock!
    If there’s anything I can do to help out in any way, please give me a shout-out.

    fo shizzle
    ~K Dizzle™

  • 4 Ibrahim Awwal // Jan 14, 2009 at 12:26 am

    Nice, looking forward to BootMii. By the way, who exactly is on Team Twiizers besides bushing and marcan? I’ve never really been able to figure it out.

  • 5 Dood77 // Jan 14, 2009 at 12:51 am

    Thanks for posting that! I knew there was probably some videos of this somewhere but I halfway forgot and halfway didn’t know where to look, but I started watching this and all of the sudden it was over and I had lost an hour!

    So either you guys managed to keep my interest or I just had a close encounter with a UFO. Either way, it was time well spent. Really fascinating stuff. I especially liked the slide about the “hacking motivation” and what restricting homebrew has done for piracy.

  • 6 HyperHacker // Jan 14, 2009 at 1:27 am

    UI? I thought the idea of BootMii was just to load a program from SD and run it on Starlet at bootup, to provide a way to unbrick?

  • 7 natalic // Jan 14, 2009 at 2:20 am

    Hey man, I watched the presentation and was simply blown. I do a lot of computer stuff myself. I do mainly PHP and C++, so I have a extensive knowledge of buffer overflows and what not. I wish I had the time to pick up cryptography but alas I am too busy with other stuff. I respect everything you guys do and am glad the Wii has a team noobz and Dark Alex! And at this point team twiizers should be classified as the wii’s DarkAlex(I know he is a person but still). Anyway thx for everything!

  • 8 bob // Jan 14, 2009 at 2:32 am

    @gamezr2ez: Even with my limited understanding, I can answer that.

    BootMii isn’t going to be the “core” of anything. It is just a modified boot2; a hijacked step in the boot process.

    Many things can be written to take advantage of BootMii, such as an alternate system menu, Linux that actually has full control rather than relying on IOS calls, brick recovery tools, or just a loader for normal homebrew like the HBC that can be used quickly from the sd card on the wii’s startup without having to install it to nand.

    I think it is important to stress the point that speculation and pestering with questions is not a good idea. I think there is a vast majority of people out there who have no clue what bootmii is and there is a real danger for speculation and rumors to start as they have in the past.

    It is probably pointless to say this, BUT PEOPLE SHOULD HAVE RESTRAINT AND NOT PESTER OR SPECULATE ABOUT BOOTMII.

  • 9 djdynamite123 // Jan 14, 2009 at 2:50 am

    nice words bushing, :) just hope i can have allot of use with this before wii2 comes out :P

    No rush, +Respect

  • 10 DanielHueho // Jan 14, 2009 at 6:07 am

    I hope you have great sucess with BootMii, Twiizers! Looks promissing. BTW, will be released some kind of tools to help people to create BootMii-compatible apps?

    @gamezr2ez
    That sounds somewhat pointless, unless you are going to never play games on the Wii.

  • 11 C4B0S3 // Jan 14, 2009 at 6:35 am

    Nice work Team Twiizers :)
    You better place some disclaimer with the copyright protection with size 30 in it, otherwise the jerks of argon claim that they developed it :D

  • 12 marcan // Jan 14, 2009 at 6:40 am

    @gamezr2ez:
    I think a better idea would be to do that but intead do everything from an SD card, which would leave your NAND almost entirely untouched (except for bootmii), so you can dual boot.

  • 13 SageChaozu // Jan 14, 2009 at 8:49 am

    That is a very nice read. I am currently going through the slides as we speak at work. This inspires me to learn more about programming and hardware. It’s good to see you guys are working hard and sticking to your disciplines. Keep up the good work.

  • 14 qiantpune // Jan 14, 2009 at 9:51 am

    Nice!!!! I’ve been looking forward to bootbii for a while. Just don’t forget to release the source to argon for approval before you release it. You wouldn’t want to step on their toes again.

  • 15 gamezr2ez // Jan 14, 2009 at 12:23 pm

    @ marcan:
    I thought about that as well, wondering about speed being an issue though, was going to check into that

    but thats all for future discussions, for right now let me say what a great job you guys have been doing

    its amazing at how you explain how you guys managed to do all this, when i was listening to it i was thinking “Oh yeah, that would work, thats a good idea, ect ect” but the fact of the matter is, all those ideas are hard to come up with at the beginning, who woulda thought to check the 16mb you had access to and then figure a way to gain access to the other 48, genius!!

    so thanx for everyone who has directly or indirectly worked on this.

  • 16 Wasp_Box // Jan 14, 2009 at 2:48 pm

    Enjoyed the video. Excellent dissection of the Wii.

    Good luck with bootmii.

  • 17 Remadon // Jan 14, 2009 at 5:41 pm

    @anybody?

    So is the whole Argon Channel Thing over?
    Someone took down the notice at wiibrew…

  • 18 Remadon // Jan 14, 2009 at 5:46 pm

    @Marcan or Bushing:

    I just got an interesting thought:

    The whole “Twilight Hack by Team Twiizers”
    thing when you highlight it after copying the save data to the wii system memory, There is your copyright. Argon loses.

  • 19 cheatman3005 // Jan 14, 2009 at 6:54 pm

    I watch it and I love it.

    I saw that someone in the audience say when it will come out.

    I definitely can’t wait for BootMii comes out so I can fix my Wii problem. Banner Brick. If u must know, I have no Starfall. Too risky for me at the time.

    marcan and bushing…

    Keep up the good work.

  • 20 marcan // Jan 14, 2009 at 10:03 pm

    @gamezr2ez:
    SD is fast (especially without IOS). Then there’s USB 2.0 high-speed, which *is* possible from an IOS-free environment, given the proper code to tie it to Linux. It’s one of the things I’m investigating.

    @cheatman3005:
    If you have system menu 3.2 and a modchip, you can fix it with a SaveMii. If you can’t fix it with a SaveMii then you’ll need some kind of NAND writer to install BootMii.

  • 21 Average GBATemper // Jan 14, 2009 at 11:44 pm

    So will this let me downgrade to 3.2 so I can run backups without a modchip? Or better still, let me run ISOs off the SD card? Cos we all know how great homebrew (especially the backups) has been for the PSP and DS.

    Please let me know, all the [s]script kiddies[/s] homebrewers back at the forum want me to report back.

    I promise that no-one at GBAtemp will use this to install backup loader for piracy reasons. We’ll just use it to backup our legally purchased software. Keep up the GREAT work,

    ~PoE (check out my law)

  • 22 Average GBATemper // Jan 14, 2009 at 11:45 pm

    “This” was referring to BootMii, sorry.

  • 23 murkantor // Jan 15, 2009 at 1:34 am

    I know some presentations don’t go smoothly, and that one didn’t go to well… But it was very informative, well done.

  • 24 Dood77 // Jan 15, 2009 at 2:57 am

    @marcan
    Sweet. I’m looking forward to the day where I can boot a specialized linux distro off my 160GB USB HDD.

  • 25 cheatman3005 // Jan 15, 2009 at 1:07 pm

    @marcan

    No. I don’t have any chips or low firmware. It’s just and 3.3 firmware and below the DVDx patch that Nintendo patched up.

    That’s below the Mii Channel, Wii Shop Channel, Nintendo Channel, and Firmware 3.4. i have to wait til you guys are finish. :(

  • 26 metroid maniac // Jan 17, 2009 at 6:02 am

    @cheatman3005

    if you left tp hack on the wii it might be possible if you chip it. just autoboot patch zelda tp and run any region changer. altough i’m not sure…

  • 27 Dykam // Jan 17, 2009 at 9:21 am

    Hmm, nice to see how it is implemented. Booting from SD, multi System Menu booting, etc.

  • 28 cheatman3005 // Jan 17, 2009 at 12:26 pm

    @metroid maniac

    1. I don’t know how to get them or how to use.
    2. I like to leave my away from chips.
    3. I think the TLH is dead from my Wii. I got one of those first type of TLH.

  • 29 metroid maniac // Jan 25, 2009 at 4:22 am

    after bootmii, will you guys be working on unofficial pads working. i want to play super metroid redesign with my datel wireless classic pad

  • 30 bash102 // Jan 27, 2009 at 8:32 pm

    I am really interested in making my own extension work with the Wiimote. The big challenge is the encryption it uses. Is anyone working on that too? I would love to collaborate.

You must log in to post a comment.